Menu
▾
▴
Re: [Unity-idm-discuss] Disable TLS version
|
From: Krzysztof B. <kb...@un...> - 2020-04-02 10:30:39
|
W dniu 01.04.2020 o 10:57, Sander Apweiler pisze: > Hi Krzysztof, > > at the moment we are using different versions of unity: 2.8.2, 3.2.0 > Java version: openjdk version "1.8.0_161" > OK, so I after some checking (was not so easy as our instances are mostly behind proxies) it seems that it depends :-) On quite a few things like JVM version, settings, ciphersuites etc. Jetty officially has documented that TLS 1.0 and 1.1 are disabled by default but it seems not to be the case always in practice. So to simplify the landscape, in the version 3.2.2 there will be a new option allowing to disable specific protocol versions allowed by the Unity's HTTPS server, regardless of the JVM settings. What is more in 3.3.0 the TLS 1.1 and 1.0 will be disabled *by default*. Cheers, Krzysztof |
